Serious OpenSSL vulnerability
Dan Thurman
dant at cdkkt.com
Wed Apr 9 18:52:49 UTC 2014
On 04/08/2014 02:55 AM, Patrick O'Callaghan wrote:
> https://www.openssl.org/news/secadv_20140407.txt
>
> See also http://heartbleed.com/ and
> http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/
>
> This is potentially very serious and can cause leakage of private keys
> and other information.
>
> The current version of OpenSSL on Fedora (standard repos and Koji) is
> 1.0.1e, which has this vulnerability. An upgrade to 1.0.1g should be
> provided urgently.
>
> poc
>
I know that F18 is EOL & vulnerable, so
can I backport OpenSSL with a fix? I am'
not ready to upgrade at this time...
Dan
More information about the users
mailing list